Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-02 00:51:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
933db73351
linux/drivers/gpu
History
Vasily Averin 933db73351 drm/qxl: qxl_release use after free 
qxl_release should not be accesses after qxl_push_*_ring_release() calls:
userspace driver can process submitted command quickly, move qxl_release
into release_ring, generate interrupt and trigger garbage collector.

It can lead to crashes in qxl driver or trigger memory corruption
in some kmalloc-192 slab object

Gerd Hoffmann proposes to swap the qxl_release_fence_buffer_objects() +
qxl_push_{cursor,command}_ring_release() calls to close that race window.

cc: stable@vger.kernel.org
Fixes: f64122c1f6 ("drm: add new QXL driver. (v1.4)")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Link: http://patchwork.freedesktop.org/patch/msgid/fa17b338-66ae-f299-68fe-8d32419d9071@virtuozzo.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-29 13:21:34 +02:00
..
drm drm/qxl: qxl_release use after free 2020-04-29 13:21:34 +02:00
host1x drm/tegra: Fixes for v5.6-rc1 2020-02-07 12:22:30 +10:00
ipu-v3
trace gpu/trace: add a gpu total memory usage tracepoint 2020-03-03 17:52:41 -05:00
vga
Makefile gpu/trace: add a gpu total memory usage tracepoint 2020-03-03 17:52:41 -05:00